Dave Cottlehuber and I have been working on adding a per-jail metadata feature to FreeBSD.

Many thanks to the Jails Working Group for their feedback over the past few months. Now it’s time for wider feedback. Dave’s blog provides the details and some great examples: https://people.freebsd.org/~dch/posts/2025-01-12-jail-metadata/.

The gist is that you can attach public and private metadata to jails, tweak it at runtime, and query it to do clever and useful things, like tagging jails so you can group them, or providing a mechanism to pass a single-use token into a jail instead of exposing secrets in environment variables or sticking them in a filesystem.

This isn’t committed to main yet, but it can be tested with the following patch: https://reviews.freebsd.org/D47668.

The following screencast provides a short demonstration, accompanied by a very professional soundtrack unexpectedly provided by my kid 😅:

Feedback is welcome; the best place for it is the jails mailing list: https://lists.freebsd.org/subscription/freebsd-jail.

The original announcement from Dave: https://mastodon.social/@[email protected]/113816293068045306.

 
 

Copyright © Igor Ostapenko
(handmade content)

